<?php
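	// Database connection settings used by the queries further down this page.
	// NOTE(review): these credentials are hard-coded in a web-served source file.
	// Anyone who can read the source (repository access, a server that serves
	// .php as text, a stray backup copy) obtains the database login. Prefer
	// loading them from a configuration file outside the document root or from
	// the environment, and give this account only the rights this page needs.
	$HOST_NAME = 'localhost';
	$USERNAME = 'mrc02_login';
	$PASSWORD = 'loginDB';
	$DB = 'mrc0260_sportinggoodscompany';
	$TABLE = 'sgc_users';
	
	// Resume the session; the profile lookup below reads the logged-in user
	// from $_SESSION.
	session_start();

	// login(), called in the page header, is not defined in this file;
	// presumably it comes from functions.php.
	include 'functions.php';
	include 'Mail.php';

	// Per-field validation messages rendered next to the form inputs; an empty
	// string means "no error".
	$firstNameErr = $lastNameErr = $emailErr = $usernameErr = $password1Err = $password2Err = $passwordMatchErr = "";
	// Profile/form values. Every one starts as an empty string. The original
	// `$firstName = $firstName;` read an undefined variable and left it null.
	$firstName = $lastName = $email = $username = $password1 = $password2 = "";
	$hasErrors = FALSE;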
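	// Load the profile row of the user recorded in the session, then, on POST,
	// validate the submitted e-mail and password and write them back.
	//
	// Every value that reaches SQL is bound as a statement parameter. The
	// original interpolated $_SESSION values, the submitted e-mail and the
	// looked-up names directly into the query text; FILTER_VALIDATE_EMAIL
	// accepts addresses containing a single quote, so the e-mail could break
	// out of the string literal. $TABLE is a constant set at the top of this
	// file, not user input, so it is still interpolated as an identifier.
	//
	// NOTE(review): the handler changes the account e-mail and password without
	// asking for the current password and without checking an anti-CSRF token.
	// Both checks should be added together with the matching form fields.
	$CON = mysqli_connect($HOST_NAME,$USERNAME,$PASSWORD,$DB);
	if(!$CON){
		// mysql_error() belongs to the removed mysql extension; mysqli reports
		// connection failures through mysqli_connect_error(). The detail goes to
		// the server log only, so the visitor is not shown database internals.
		error_log("Profile page: database connection failed: " . mysqli_connect_error());
		die("A database error occurred. Please try again later.");
	}

	$sessionUsername = isset($_SESSION["username"]) ? (string)$_SESSION["username"] : "";
	$sessionPassword = isset($_SESSION["password"]) ? (string)$_SESSION["password"] : "";

	// The same lookup ran in both the POST and the non-POST branch, so it is
	// done once here. mysqli_stmt_get_result() needs the mysqlnd driver.
	$lookup = mysqli_prepare($CON, "SELECT * FROM $TABLE WHERE use_username=? AND use_password=?");
	if(!$lookup
		|| !mysqli_stmt_bind_param($lookup, "ss", $sessionUsername, $sessionPassword)
		|| !mysqli_stmt_execute($lookup)
		|| !($result = mysqli_stmt_get_result($lookup))){
		error_log("Profile page: user lookup failed: " . mysqli_error($CON));
		die("A database error occurred. Please try again later.");
	}
	$row = mysqli_fetch_row($result);
	mysqli_stmt_close($lookup);

	// No row means the session does not identify a stored user (not logged in,
	// or the stored password no longer matches the session copy).
	$userFound = is_array($row);
	if($userFound){
		// Columns are read by position because the query is SELECT *; this
		// relies on the table's column order.
		$firstName = $row[0];
		$lastName = $row[1];
		$email = $row[2];
		$username = $row[3];
	}
	else{
		$firstName = $lastName = $email = $username = "";
	}

	if($_SERVER["REQUEST_METHOD"] == "POST")
	{
		if(empty($_POST["email"])){
			$emailErr = "Missing";
			$hasErrors = TRUE;
		}
		elseif(!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)){
			$emailErr = "Invalid Email";
			$hasErrors = TRUE;
		}
		else{
			$email = $_POST["email"];
		}
		// A field submitted as an array (password1[]=...) is treated as missing
		// rather than passed on to the string functions below.
		if(empty($_POST["password1"]) || !is_string($_POST["password1"])){
			$password1Err = "Missing";
			$hasErrors = TRUE;
		}
		else{
			$password1 = $_POST["password1"];
		}
		if(empty($_POST["password2"]) || !is_string($_POST["password2"])){
			$password2Err = "Missing";
			$hasErrors = TRUE;
		}
		else{
			$password2 = $_POST["password2"];
		}
		// Strict comparison: with != two different numeric strings such as
		// "1e3" and "1000" compare as equal and would pass the match check.
		if($password1 !== $password2){
			$passwordMatchErr = "The two passwords must be identical";
			$hasErrors = TRUE;
		}
		// Only write when validation passed and the session resolved to a user.
		if(!$hasErrors && $userFound){
			// NOTE(review): unsalted MD5 is not suitable for storing passwords;
			// password_hash()/password_verify() is the replacement. The stored
			// format is shared with the login code, which is not in this file,
			// so the hash is left exactly as it was computed before (including
			// the escape step) and both places need to migrate together.
			$password = md5(mysqli_real_escape_string($CON,$password1));
			// NOTE(review): the row is selected by first name plus username
			// rather than by a primary key; confirm use_username is unique.
			$update = mysqli_prepare($CON, "UPDATE $TABLE SET use_email=?, use_password=? WHERE use_first_name=? AND use_username=?");
			if(!$update
				|| !mysqli_stmt_bind_param($update, "ssss", $email, $password, $firstName, $username)
				|| !($success = mysqli_stmt_execute($update))){
				error_log("Profile page: profile update failed: " . mysqli_error($CON));
				die("A database error occurred. Please try again later.");
			}
			mysqli_stmt_close($update);
			// The lookup above matches use_password against the session copy,
			// so the session must follow the change or the next request finds
			// no row for this user.
			$_SESSION["password"] = $password;
			// One connection is reused for lookup and update; the original
			// opened a second one here and never closed the first.
			mysqli_close($CON);
		}
	}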
	

?>
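<?php
// Profile page template: shows the stored first name, last name and username
// read-only and lets the user submit a new e-mail address and password.
// Stored values are passed through htmlspecialchars() before being written
// into the page. The *Err values are fixed strings set by the validation code
// at the top of this file.
?>
<html>
	<head>
	<title>Hyrule Sports</title>
	<link rel="stylesheet" type="text/css" href="sitestyle.css" />
	</head>
	
	<body>
	<div id="wrapper">
		<div id="header">
			<?php
			// login() is not defined in this file; presumably it comes from
			// the included functions.php.
			login();
			?>
		</div>
		<div id="middle">
			<div id="navbar">
			</div>
			<div id="content">
				<div id="formdiv">
					<?php
					// NOTE(review): this form changes the e-mail and password but
					// has no current-password field and no anti-CSRF token.
					?>
					<form action="myprofile.php" method="post">
						<ul class="formlist">
							<li><label class="formlabel" for="firstname">First Name: </label> 
							<label><?php echo htmlspecialchars($firstName);?></label>
								</li><br>
							<li><label class="formlabel" for="lastname">Last Name: </label>	
							<label><?php echo htmlspecialchars($lastName);?></label></li><br>
							<li><label class="formlabel" for="username">Username: </label>
							<label><?php echo htmlspecialchars($username);?></label></li><br>
							<li><label class="formlabel" for="email">Email</label>
							<input type="text" id="email" name="email" value="<?php echo htmlspecialchars($email);?>">
								<span class="error"><?php echo $emailErr;?></span></li><br>							
							<?php
							// The password inputs are rendered empty. Echoing the
							// submitted password back into value="" would place it
							// in the page source, where it can be cached or read.
							?>
							<li><label class="formlabel" for="password1">Password</label>
							<input type="password" id="password1" name="password1" value="">
								<span class="error"><?php echo $password1Err;?></span></li><br>
							<li><label class="formlabel" for="password2">Re-enter Password</label>
							<input type="password" id="password2" name="password2" value="">
								<span class="error"><?php echo $password2Err;?> <?php echo $passwordMatchErr;?></span></li><br>
							</ul>
							<input type="submit" name="Submit" value="Update" class="submit">
					</form>
				</div>
			</div>
		</div>
		<div id="footer">
		</div>
	</div>
	</body>
</html>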
